const express = require("express");
const router = express.Router();
const db = require("../db");

const auth = require("../middleware/authMiddleware");
const admin = require("../middleware/adminMiddleware");

// CREATE COURSE
router.post("/", auth, admin, async (req, res) => {
const { title, description, videos, thumbnail } = req.body;

await db.query(
"INSERT INTO courses (title, description, videos, thumbnail) VALUES (?, ?, ?, ?)",
[title, description, JSON.stringify(videos || []), thumbnail || ""]
);

res.json({ msg: "Course created" });
});

// GET ALL COURSES
router.get("/", async (req, res) => {
const [rows] = await db.query("SELECT * FROM courses");

const data = rows.map(c => ({
...c,
videos: JSON.parse(c.videos || "[]")
}));

res.json(data);
});

// USER PROFILE
router.get("/user/profile", auth, async (req, res) => {
const [rows] = await db.query(
"SELECT id, name, email FROM users WHERE id = ?",
[req.user.id]
);

res.json(rows[0]);
});

// UPDATE PROFILE
router.put("/user/profile", auth, async (req, res) => {
const { name } = req.body;

await db.query(
"UPDATE users SET name = ? WHERE id = ?",
[name, req.user.id]
);

res.json({ msg: "Profile updated" });
});

// ENROLL
router.post("/enroll/:id", auth, async (req, res) => {
const userId = req.user.id;
const courseId = req.params.id;

const [existing] = await db.query(
"SELECT * FROM enrollments WHERE user_id=? AND course_id=?",
[userId, courseId]
);

if (existing.length) return res.json({ msg: "Already enrolled" });

await db.query(
"INSERT INTO enrollments (user_id, course_id) VALUES (?, ?)",
[userId, courseId]
);

res.json({ msg: "Enrolled" });
});

// GET SINGLE COURSE (PROTECTED)
router.get("/:id", auth, async (req, res) => {
const [rows] = await db.query(
"SELECT * FROM courses WHERE id=?",
[req.params.id]
);

if (!rows.length) return res.status(404).json({ msg: "Not found" });

const course = rows[0];
course.videos = JSON.parse(course.videos || "[]");

res.json(course);
});

module.exports = router;